Security

There are many easy ways for teachers to protect the security of student data. Our favorite checklist on this topic was developed for Fordham University School of Law, Technology and Privacy Law by Elizabeth Walker. Check out the full checklist in PDF here, or our version of the checklist below.

General Guidelines

Do not share passwords for school accounts with anyone, including other staff, family members, or significant others. Check out some of the suggestions in this article for how to create a secure password. You can also use password managers like LastPass or 1Password to help you remember your passwords and keep them secure.

Use different passwords for your school accounts than you do for personal accounts.

Avoid connecting to the Internet through wireless networks (WiFi) that are not password protected.

Immediately report to the administration any suspicious activity involving or affecting technology related to school work, school accounts, or student data.

Back up your data regularly. If your account is hacked, subject to ransomware, or there is just a technical bug, you will be very glad that you kept a backup of your data.

Accessing or Sharing Student Data

Ask the administration whether your district or school has a policy about using or sharing student
data.

Only access the student data that you have permission to access.

Only access student data for legitimate school or educational purposes.

When accessing student data, only use computers or devices that have either been approved by the
school or that contain security software and are password protected.

Lock up hardcopy files and devices with access to student data.

Do not share or disclose student data without authorization from an administrator, parent, or
guardian.

Do not share student data during public meetings or presentations; use fictitious records instead.

Avoid sending student data via email unless specifically authorized.

Immediately report any incidents to the administration where you believe student data may have
been inappropriately accessed or shared.